Dump and enforce certificate for apks

Dump the list of APKs that aren't located at system partition and signed
with system certificate.
And when enforcement option is enabled, it makes build error if there is
the apk that satisfies the condition above.

Bug: 74699609

Test: m -j
Test: m out/target/product/$(get_build_var TARGET_DEVICE)/certificate_violation_modules.txt

Change-Id: I23c41f2665dd97abac3e77d1c82d81ff91b894eb

core/product_config.mk

@@ -367,6 +367,11 @@ PRODUCT_PRODUCT_PROPERTIES := \
     $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PRODUCT_PROPERTIES))
 .KATI_READONLY := PRODUCT_PRODUCT_PROPERTIES
 
+ENFORCE_SYSTEM_CERTIFICATE := \
+    $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ENFORCE_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT)
+
+ENFORCE_SYSTEM_CERTIFICATE_WHITELIST := \
+    $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_REQUIREMENT_WHITELIST))
 
 # A list of property assignments, like "key = value", with zero or more
 # whitespace characters on either side of the '='.